New IATF 16949 requirements: Your FAQs Answered


By Eric Stoop
February 26, 2018

quality focused checks

By all accounts, the transition from ISO/TS 16949 to IATF 16949 has been a bumpy road so far. The standard encompasses a range of new requirements, including major changes to parent standard ISO 9001. Added to that, General Motors (GM) recently issued new customer-specific requirements that have significant implications for internal audits.

Many suppliers still have questions about what the new requirements are, what they should be doing to prepare and what auditors are looking to see. Time is running out, so it’s critical that organizations take action now to avoid any unnecessary delays or business interruptions due to certification issues.

What’s New in IATF 16949:2016?

IATF 16949 is an add-on to ISO 9001:2015, which recently underwent a major revision. ISO 9001 and IATF 16949 introduce a wide variety of new requirements for automotive suppliers, with some of the biggest changes focusing on:

  • Management accountability: The new standard emphasizes management participation and accountability. Leadership needs to engage in regular review of data, managing action plans and evaluating key performance indicators (KPIs).
  • Risk mitigation: IATF 16949 and ISO 9001 both focus extensively on risk. However, IATF 16949 goes further than ISO 9001 in terms of incorporating risk analysis into different processes. For example, preventive action no longer shows up in ISO 9001, while it is mandatory for IATF 16949.
  • Embedded software: Product validation, warranty and troubleshooting processes will need to include assessment of embedded software, including for outsourced parts.
  • Product safety: The latest version of the standard adds requirements for multi-level control plan and failure modes and effects analysis (FMEA) approval.

What’s the Difference Between Customer Requirements and Customer-Specific Requirements?

Manufacturers that certify to IATF 16949 must also comply with requirements outlined by customers. These requirements fall into two categories:

  • Customer requirements are those specific to the order or product, such as a specific tolerance based on the OEM’s specification.
  • Customer-specific requirements are requirements from original equipment manufacturers (OEMs) published as a supplement to IATF 16949.

General Motors (GM) recently released new customer-specific requirements mandating that suppliers conduct layered process audits (LPAs), a type of high-frequency audit to check key processes every shift. Fiat Chrysler also requires LPAs as part of its customer-specific requirements.

What Are Auditors Looking For?

Organizations can streamline the transition and avoid headaches by thinking like an auditor. That means focusing on documentation and performance, as well as demonstrating how management is actively engaged in quality efforts.

Auditors will want to see that you’re tracking key performance indicators (KPIs) for each process that specifically measure effectiveness and efficiency. Below are some examples organizations can apply to various processes, although the metrics you choose should reflect your goals and objectives.

Effectiveness Efficiency
PPM Number of corrective action requests (CARs) overdue (e.g. 30 days, 60 days, 90 days).
Customer complaints Average time to closure for CARs
Scrap Number of repeat non-conformities in audits
Overall equipment effectiveness Audit completion rates

You can also expect auditors to ask about gap analysis results, internal audit findings and compliance with customer-specific requirements. Suppliers working with automotive manufacturers like GM and Fiat Chrysler will need to show how they are complying with LPA requirements. An automated audit platform is a distinct advantage here, allowing you to conduct mobile audits, access real-time data and document continuous improvement.

What Are IATF 16949 Compliance Deadlines?

After September 14, 2018, all ISO/TS 16949 certificates will officially expire. All audits must now be to the new standard, so there’s no recertifying to the old version.

While it may sound like a lot of time, there’s no time to waste if you’re just at the beginning of your transition journey. Key steps to take include:

  • Obtaining copies of IATF 16949 as well as relevant customer-specific requirements
  • Sending internal auditors for training
  • Documenting your processes according to the standard
  • Setting up KPIs and how you will track them
  • Establishing effective internal audit programs to verify compliance
  • Recording corrective action activities to demonstrate continuous improvement

Suppliers should aim to complete transition audits by June of 2018 to allow enough time to address and close out any non-conformities. Waiting too long could mean a certification delay that prevents you from doing business with OEMs. It’s a risk few companies can afford to take, and taking action now will give you peace of mind as deadlines get closer.

Eric Stoop
Eric Stoop